The "Laravel Debug Enabled" module is designed to detect misconfigurations in Laravel applications where the APP_DEBUG setting is enabled. This module targets Laravel, a popular PHP framework used for web application development. The severity of this module is classified as medium.
When the APP_DEBUG setting is enabled in Laravel, verbose error messages may be displayed. This can expose sensitive information about the application's code and configuration, making it easier for attackers to identify and exploit vulnerabilities.
The "Laravel Debug Enabled" module works by sending an HTTP GET request to the /_ignition/health-check endpoint of the target Laravel application. It then applies matching conditions to determine if the application has debug mode enabled.
The matching conditions for this module are as follows:
- The response body must contain the word can_execute_commands.
- The response status code must be
If both conditions are met, the module will report a misconfiguration, indicating that Laravel's debug mode is enabled.
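
The two matchers described above, applied to responses, as an added Python example (not Vidoc's own module code). The sample responses are constructed, the status value 200 is an assumption because the page does not show it, and `debug_enabled`, `check_host` and `classify_samples` are hypothetical names.

```python
"""Added example: the module's two matchers applied to HTTP responses."""
import urllib.error
import urllib.request

HEALTH_CHECK_PATH = "/_ignition/health-check"   # endpoint named on the page
BODY_WORD = "can_execute_commands"              # body matcher named on the page
ASSUMED_STATUS = 200  # assumption: the page's status value is missing


def debug_enabled(status, body, expected_status=ASSUMED_STATUS):
    """Report a finding only when BOTH matchers hold (logical AND)."""
    return status == expected_status and BODY_WORD in body


def check_host(base_url, timeout=5):
    """Single GET (max-request: 1) against a host you are responsible for."""
    url = base_url.rstrip("/") + HEALTH_CHECK_PATH
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            status, body = resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:       # non-2xx still carries a body
        status, body = err.code, err.read().decode("utf-8", "replace")
    except (urllib.error.URLError, OSError):    # unreachable: nothing to match
        return False
    return debug_enabled(status, body)


# Constructed sample responses (not captured from any real system).
SAMPLES = {
    "debug on": (200, '{"can_execute_commands":true}'),
    "route missing": (404, "<h1>404 Not Found</h1>"),
    "catch-all 200 page": (200, "<html><body>Welcome</body></html>"),
    "error page echoing the word": (500, "no route for can_execute_commands"),
}


def classify_samples():
    """Apply the matchers to every constructed sample."""
    return {name: debug_enabled(s, b) for name, (s, b) in SAMPLES.items()}


if __name__ == "__main__":
    for name, hit in classify_samples().items():
        print(f"{name:30} -> {'MISCONFIGURED' if hit else 'ok'}")
```

The last two samples show why both conditions are required: a catch-all page that answers every path with a success status fails the body matcher, and an error page that merely echoes the word fails the status matcher.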
Remediation: Disable Laravel's debug mode by setting the APP_DEBUG configuration option to
Metadata: max-request: 1